As organizations move away from managing their own data centers, Amazon Web Services’ Infrastructure-as-a-Service (IaaS) offering is being adopted at a rapid rate. We recently attended Amazon’s Re:Invent conference and, unsurprisingly, found incredible synergy with its cybersecurity advancements.
The Big Picture
In addition to shifting data to cloud SaaS applications like Google Apps and Dropbox, companies are migrating internal data centers into the cloud and using these environments to develop homegrown applications. This means that security concerns are extending beyond the protection of data within existing cloud apps and into the infrastructural environments on which new apps are being developed, run and even sold. As IaaS use grows, security is no longer just a checkbox somewhere down the list of project requirements; it’s now an overarching concern at the executive levels of each organization.
How Amazon is Raising the Bar
As out-of-the-box IaaS-level security strengthens, we can refine the focus of our Cybersecurity-as-a-Service offerings to more advanced functionality. So it’s no wonder there was a lot of buzz at this year’s Re:Invent conference around the announcement of new security features for AWS. Here, we’ll briefly run through the three AWS announcements we found most relevant to cloud cybersecurity:
- Config Rules is a new built-in framework of rules that monitors configurations and makes sure your AWS user accounts are secure according to user-configurable compliance policies. While it can’t ensure end users comply, or remediate instances where compliance is breached, it will alert you when any of your rules is broken.
- Amazon Inspector is a service that collects information, monitors compliance, and creates alerts in order to minimize security issues with web applications deployed on AWS.
- AWS WAF is a new Web Application Firewall that gives you more control over which traffic is permitted to reach, or blocked from, your web applications.
So, Am I All Set With Security on AWS?
This question can’t be answered with a simple yes or no. Instead, we’ll go with what some may recognize as the main tenet of improv comedy: ‘yes, and.’ (Take note, as this may very well be the first time improv comedy and cybersecurity were referenced in the same article. But, I digress…) Are you all set? Yes. Amazon’s built-in security is an invaluable foundation. And there are other crucial steps that should be taken to further secure your environments.
Even at hotels with 24/7 front desk staff and restricted keycard access to elevators and rooms, we still store our valuables in an in-room safe. By that same token, while IaaS providers are responsible for securing their cloud-computing platform, it’s up to individual businesses to monitor usage, unauthorized access, and modifications to configuration settings within the environment.
You could also think of your IaaS-level security as the alarm system at your house. It’ll protect you against break-ins and give you peace of mind that outsiders won’t get their hands on your prized possessions. However, the people who live in your house could also pose threats to the security of your possessions (maliciously or unintentionally) – just ask anyone with kids!
To control the use or misuse of objects within the house (or the data within your company’s multi-cloud environment), you need to take additional measures to monitor the behavior of the people who live there – the users in your network, if you will. That’s where cloud cybersecurity comes in: to protect your data, monitor user behavior, and prevent security threats through user enablement and education.
CloudLock’s Cybersecurity Solution for AWS
CloudLock’s Cybersecurity-as-a-Service offerings complement Amazon’s built-in security in four ways:
- Protecting Your User Identities
High-profile users are the key to your company’s sensitive data. If user accounts are compromised, an intruder could gain access to critical information. While IaaS providers like Amazon make sure user accounts are secure, CloudLock helps individual organizations make sure the privileged users are who they say they are. CloudLock for AWS gives you visibility into changes to key configurations, as well as any anomalous user login behaviors. For example, while AWS protects your root user accounts, CloudLock helps make sure you are aware when new users gain access to root user accounts.
- Protecting Your Workloads
CloudLock leverages Amazon’s built-in security services to help protect workloads outside the AWS scope in a streamlined fashion. You don’t have to write code or do any deep integration; it’s as simple as configuring CloudLock to look for the right information and you can gain visibility into who is doing what, when and why. By setting up policies around compliance or sharing permissions specific to your organization, you can monitor potential threats from initial alert all the way through to remediation.
- Embedding Cybersecurity into Homegrown Apps
Because our software is API-based, CloudLock allows security capabilities to be integrated directly into apps that organizations develop. This brings the data and security insights directly into the hands of the end user, rather than just the developers. Giving users the ability to monitor and control their security parameters from within the apps they are running makes for a much more efficient and actionable approach to cybersecurity.
- The Power of Correlated Insights
As an API-driven cloud Cybersecurity-as-a-Service solution, CloudLock aggregates security intelligence across multiple cloud environments, including not only SaaS applications such as Salesforce and Dropbox, but also IaaS, PaaS, and IDaaS solutions. In doing so, CloudLock gains a level of insight unavailable to point solutions, detecting a high volume of security events, many of which would otherwise slip through the cracks.
Protect your IaaS Environment
See for yourself how CloudLock’s Cybersecurity-as-a-Service offerings can work in tandem with your IaaS, PaaS, SaaS, and even IDaaS solution to help reinvent the way your business develops, runs, sells, and protects its cloud applications. Request a free assessment now.